Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / bluetooth / hci_ldisc.c
blob5119c4bc6397a4d5ea69110679fa5166287d0781
1 /*
3 * Bluetooth HCI UART driver
5 * Copyright (C) 2000-2001 Qualcomm Incorporated
6 * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
7 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include <linux/module.h>
28 #include <linux/kernel.h>
29 #include <linux/init.h>
30 #include <linux/types.h>
31 #include <linux/fcntl.h>
32 #include <linux/interrupt.h>
33 #include <linux/ptrace.h>
34 #include <linux/poll.h>
36 #include <linux/slab.h>
37 #include <linux/tty.h>
38 #include <linux/errno.h>
39 #include <linux/string.h>
40 #include <linux/signal.h>
41 #include <linux/ioctl.h>
42 #include <linux/skbuff.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
47 #include "hci_uart.h"
49 #define VERSION "2.2"
51 static bool reset = 0;
53 static struct hci_uart_proto *hup[HCI_UART_MAX_PROTO];
55 int hci_uart_register_proto(struct hci_uart_proto *p)
57 if (p->id >= HCI_UART_MAX_PROTO)
58 return -EINVAL;
60 if (hup[p->id])
61 return -EEXIST;
63 hup[p->id] = p;
65 return 0;
68 int hci_uart_unregister_proto(struct hci_uart_proto *p)
70 if (p->id >= HCI_UART_MAX_PROTO)
71 return -EINVAL;
73 if (!hup[p->id])
74 return -EINVAL;
76 hup[p->id] = NULL;
78 return 0;
81 static struct hci_uart_proto *hci_uart_get_proto(unsigned int id)
83 if (id >= HCI_UART_MAX_PROTO)
84 return NULL;
86 return hup[id];
89 static inline void hci_uart_tx_complete(struct hci_uart *hu, int pkt_type)
91 struct hci_dev *hdev = hu->hdev;
93 /* Update HCI stat counters */
94 switch (pkt_type) {
95 case HCI_COMMAND_PKT:
96 hdev->stat.cmd_tx++;
97 break;
99 case HCI_ACLDATA_PKT:
100 hdev->stat.acl_tx++;
101 break;
103 case HCI_SCODATA_PKT:
104 hdev->stat.sco_tx++;
105 break;
109 static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu)
111 struct sk_buff *skb = hu->tx_skb;
113 if (!skb)
114 skb = hu->proto->dequeue(hu);
115 else
116 hu->tx_skb = NULL;
118 return skb;
121 int hci_uart_tx_wakeup(struct hci_uart *hu)
123 struct tty_struct *tty = hu->tty;
124 struct hci_dev *hdev = hu->hdev;
125 struct sk_buff *skb;
127 if (test_and_set_bit(HCI_UART_SENDING, &hu->tx_state)) {
128 set_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);
129 return 0;
132 BT_DBG("");
134 restart:
135 clear_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);
137 while ((skb = hci_uart_dequeue(hu))) {
138 int len;
140 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
141 len = tty->ops->write(tty, skb->data, skb->len);
142 hdev->stat.byte_tx += len;
144 skb_pull(skb, len);
145 if (skb->len) {
146 hu->tx_skb = skb;
147 break;
150 hci_uart_tx_complete(hu, bt_cb(skb)->pkt_type);
151 kfree_skb(skb);
154 if (test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state))
155 goto restart;
157 clear_bit(HCI_UART_SENDING, &hu->tx_state);
158 return 0;
161 /* ------- Interface to HCI layer ------ */
162 /* Initialize device */
163 static int hci_uart_open(struct hci_dev *hdev)
165 BT_DBG("%s %p", hdev->name, hdev);
167 /* Nothing to do for UART driver */
169 set_bit(HCI_RUNNING, &hdev->flags);
171 return 0;
174 /* Reset device */
175 static int hci_uart_flush(struct hci_dev *hdev)
177 struct hci_uart *hu = (struct hci_uart *) hdev->driver_data;
178 struct tty_struct *tty = hu->tty;
180 BT_DBG("hdev %p tty %p", hdev, tty);
182 if (hu->tx_skb) {
183 kfree_skb(hu->tx_skb); hu->tx_skb = NULL;
186 /* Flush any pending characters in the driver and discipline. */
187 tty_ldisc_flush(tty);
188 tty_driver_flush_buffer(tty);
190 if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
191 hu->proto->flush(hu);
193 return 0;
196 /* Close device */
197 static int hci_uart_close(struct hci_dev *hdev)
199 BT_DBG("hdev %p", hdev);
201 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
202 return 0;
204 hci_uart_flush(hdev);
205 hdev->flush = NULL;
206 return 0;
209 /* Send frames from HCI layer */
210 static int hci_uart_send_frame(struct sk_buff *skb)
212 struct hci_dev* hdev = (struct hci_dev *) skb->dev;
213 struct hci_uart *hu;
215 if (!hdev) {
216 BT_ERR("Frame for unknown device (hdev=NULL)");
217 return -ENODEV;
220 if (!test_bit(HCI_RUNNING, &hdev->flags))
221 return -EBUSY;
223 hu = (struct hci_uart *) hdev->driver_data;
225 BT_DBG("%s: type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
227 hu->proto->enqueue(hu, skb);
229 hci_uart_tx_wakeup(hu);
231 return 0;
234 static void hci_uart_destruct(struct hci_dev *hdev)
236 if (!hdev)
237 return;
239 BT_DBG("%s", hdev->name);
242 /* ------ LDISC part ------ */
243 /* hci_uart_tty_open
245 * Called when line discipline changed to HCI_UART.
247 * Arguments:
248 * tty pointer to tty info structure
249 * Return Value:
250 * 0 if success, otherwise error code
252 static int hci_uart_tty_open(struct tty_struct *tty)
254 struct hci_uart *hu = (void *) tty->disc_data;
256 BT_DBG("tty %p", tty);
258 /* FIXME: This btw is bogus, nothing requires the old ldisc to clear
259 the pointer */
260 if (hu)
261 return -EEXIST;
263 /* Error if the tty has no write op instead of leaving an exploitable
264 hole */
265 if (tty->ops->write == NULL)
266 return -EOPNOTSUPP;
268 if (!(hu = kzalloc(sizeof(struct hci_uart), GFP_KERNEL))) {
269 BT_ERR("Can't allocate control structure");
270 return -ENFILE;
273 tty->disc_data = hu;
274 hu->tty = tty;
275 tty->receive_room = 65536;
277 spin_lock_init(&hu->rx_lock);
279 /* Flush any pending characters in the driver and line discipline. */
281 /* FIXME: why is this needed. Note don't use ldisc_ref here as the
282 open path is before the ldisc is referencable */
284 if (tty->ldisc->ops->flush_buffer)
285 tty->ldisc->ops->flush_buffer(tty);
286 tty_driver_flush_buffer(tty);
288 return 0;
291 /* hci_uart_tty_close()
293 * Called when the line discipline is changed to something
294 * else, the tty is closed, or the tty detects a hangup.
296 static void hci_uart_tty_close(struct tty_struct *tty)
298 struct hci_uart *hu = (void *)tty->disc_data;
300 BT_DBG("tty %p", tty);
302 /* Detach from the tty */
303 tty->disc_data = NULL;
305 if (hu) {
306 struct hci_dev *hdev = hu->hdev;
308 if (hdev)
309 hci_uart_close(hdev);
311 if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) {
312 if (hdev) {
313 hci_unregister_dev(hdev);
314 hci_free_dev(hdev);
316 hu->proto->close(hu);
318 kfree(hu);
322 /* hci_uart_tty_wakeup()
324 * Callback for transmit wakeup. Called when low level
325 * device driver can accept more send data.
327 * Arguments: tty pointer to associated tty instance data
328 * Return Value: None
330 static void hci_uart_tty_wakeup(struct tty_struct *tty)
332 struct hci_uart *hu = (void *)tty->disc_data;
334 BT_DBG("");
336 if (!hu)
337 return;
339 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
341 if (tty != hu->tty)
342 return;
344 if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
345 hci_uart_tx_wakeup(hu);
348 /* hci_uart_tty_receive()
350 * Called by tty low level driver when receive data is
351 * available.
353 * Arguments: tty pointer to tty isntance data
354 * data pointer to received data
355 * flags pointer to flags for data
356 * count count of received data in bytes
358 * Return Value: None
360 static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, char *flags, int count)
362 struct hci_uart *hu = (void *)tty->disc_data;
364 if (!hu || tty != hu->tty)
365 return;
367 if (!test_bit(HCI_UART_PROTO_SET, &hu->flags))
368 return;
370 spin_lock(&hu->rx_lock);
371 hu->proto->recv(hu, (void *) data, count);
372 hu->hdev->stat.byte_rx += count;
373 spin_unlock(&hu->rx_lock);
375 tty_unthrottle(tty);
378 static int hci_uart_register_dev(struct hci_uart *hu)
380 struct hci_dev *hdev;
382 BT_DBG("");
384 /* Initialize and register HCI device */
385 hdev = hci_alloc_dev();
386 if (!hdev) {
387 BT_ERR("Can't allocate HCI device");
388 return -ENOMEM;
391 hu->hdev = hdev;
393 hdev->bus = HCI_UART;
394 hdev->driver_data = hu;
396 hdev->open = hci_uart_open;
397 hdev->close = hci_uart_close;
398 hdev->flush = hci_uart_flush;
399 hdev->send = hci_uart_send_frame;
400 hdev->destruct = hci_uart_destruct;
401 hdev->parent = hu->tty->dev;
403 hdev->owner = THIS_MODULE;
405 if (!reset)
406 set_bit(HCI_QUIRK_NO_RESET, &hdev->quirks);
408 if (test_bit(HCI_UART_RAW_DEVICE, &hu->hdev_flags))
409 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);
411 if (hci_register_dev(hdev) < 0) {
412 BT_ERR("Can't register HCI device");
413 hci_free_dev(hdev);
414 return -ENODEV;
417 return 0;
420 static int hci_uart_set_proto(struct hci_uart *hu, int id)
422 struct hci_uart_proto *p;
423 int err;
425 p = hci_uart_get_proto(id);
426 if (!p)
427 return -EPROTONOSUPPORT;
429 err = p->open(hu);
430 if (err)
431 return err;
433 hu->proto = p;
435 err = hci_uart_register_dev(hu);
436 if (err) {
437 p->close(hu);
438 return err;
441 return 0;
444 /* hci_uart_tty_ioctl()
446 * Process IOCTL system call for the tty device.
448 * Arguments:
450 * tty pointer to tty instance data
451 * file pointer to open file object for device
452 * cmd IOCTL command code
453 * arg argument for IOCTL call (cmd dependent)
455 * Return Value: Command dependent
457 static int hci_uart_tty_ioctl(struct tty_struct *tty, struct file * file,
458 unsigned int cmd, unsigned long arg)
460 struct hci_uart *hu = (void *)tty->disc_data;
461 int err = 0;
463 BT_DBG("");
465 /* Verify the status of the device */
466 if (!hu)
467 return -EBADF;
469 switch (cmd) {
470 case HCIUARTSETPROTO:
471 if (!test_and_set_bit(HCI_UART_PROTO_SET, &hu->flags)) {
472 err = hci_uart_set_proto(hu, arg);
473 if (err) {
474 clear_bit(HCI_UART_PROTO_SET, &hu->flags);
475 return err;
477 } else
478 return -EBUSY;
479 break;
481 case HCIUARTGETPROTO:
482 if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
483 return hu->proto->id;
484 return -EUNATCH;
486 case HCIUARTGETDEVICE:
487 if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
488 return hu->hdev->id;
489 return -EUNATCH;
491 case HCIUARTSETFLAGS:
492 if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
493 return -EBUSY;
494 hu->hdev_flags = arg;
495 break;
497 case HCIUARTGETFLAGS:
498 return hu->hdev_flags;
500 default:
501 err = n_tty_ioctl_helper(tty, file, cmd, arg);
502 break;
505 return err;
509 * We don't provide read/write/poll interface for user space.
511 static ssize_t hci_uart_tty_read(struct tty_struct *tty, struct file *file,
512 unsigned char __user *buf, size_t nr)
514 return 0;
517 static ssize_t hci_uart_tty_write(struct tty_struct *tty, struct file *file,
518 const unsigned char *data, size_t count)
520 return 0;
523 static unsigned int hci_uart_tty_poll(struct tty_struct *tty,
524 struct file *filp, poll_table *wait)
526 return 0;
529 static int __init hci_uart_init(void)
531 static struct tty_ldisc_ops hci_uart_ldisc;
532 int err;
534 BT_INFO("HCI UART driver ver %s", VERSION);
536 /* Register the tty discipline */
538 memset(&hci_uart_ldisc, 0, sizeof (hci_uart_ldisc));
539 hci_uart_ldisc.magic = TTY_LDISC_MAGIC;
540 hci_uart_ldisc.name = "n_hci";
541 hci_uart_ldisc.open = hci_uart_tty_open;
542 hci_uart_ldisc.close = hci_uart_tty_close;
543 hci_uart_ldisc.read = hci_uart_tty_read;
544 hci_uart_ldisc.write = hci_uart_tty_write;
545 hci_uart_ldisc.ioctl = hci_uart_tty_ioctl;
546 hci_uart_ldisc.poll = hci_uart_tty_poll;
547 hci_uart_ldisc.receive_buf = hci_uart_tty_receive;
548 hci_uart_ldisc.write_wakeup = hci_uart_tty_wakeup;
549 hci_uart_ldisc.owner = THIS_MODULE;
551 if ((err = tty_register_ldisc(N_HCI, &hci_uart_ldisc))) {
552 BT_ERR("HCI line discipline registration failed. (%d)", err);
553 return err;
556 #ifdef CONFIG_BT_HCIUART_H4
557 h4_init();
558 #endif
559 #ifdef CONFIG_BT_HCIUART_BCSP
560 bcsp_init();
561 #endif
562 #ifdef CONFIG_BT_HCIUART_LL
563 ll_init();
564 #endif
565 #ifdef CONFIG_BT_HCIUART_ATH3K
566 ath_init();
567 #endif
569 return 0;
572 static void __exit hci_uart_exit(void)
574 int err;
576 #ifdef CONFIG_BT_HCIUART_H4
577 h4_deinit();
578 #endif
579 #ifdef CONFIG_BT_HCIUART_BCSP
580 bcsp_deinit();
581 #endif
582 #ifdef CONFIG_BT_HCIUART_LL
583 ll_deinit();
584 #endif
585 #ifdef CONFIG_BT_HCIUART_ATH3K
586 ath_deinit();
587 #endif
589 /* Release tty registration of line discipline */
590 if ((err = tty_unregister_ldisc(N_HCI)))
591 BT_ERR("Can't unregister HCI line discipline (%d)", err);
594 module_init(hci_uart_init);
595 module_exit(hci_uart_exit);
597 module_param(reset, bool, 0644);
598 MODULE_PARM_DESC(reset, "Send HCI reset command on initialization");
600 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
601 MODULE_DESCRIPTION("Bluetooth HCI UART driver ver " VERSION);
602 MODULE_VERSION(VERSION);
603 MODULE_LICENSE("GPL");
604 MODULE_ALIAS_LDISC(N_HCI);